Last updated
14 May 2026
How we collect, use, and protect personal data
This page sets out how Inzen handles personal data collected through our website and in the course of our consulting work.
1. Who We Are
Inzen ("Inzen", "we", "us", "our") is an AI consulting business providing services including LLM application development, process automation, and custom AI agent design.
We are the data controller for personal data collected through our website (inzen.co.uk) and in the course of our business activities. This means we are responsible for deciding how and why your personal data is used.
Controller: Inzen
Registered Address: 5 Cornfield Terrace, Eastbourne, United Kingdom, BN21 4NN
Email: [email protected]
Website: inzen.co.uk
2. What Personal Data We Collect
2.1 Contact Form Submissions
- Your name
- Your email address
- Your organisation name, if provided
- The content of your message
2.2 Website Analytics Data
When you visit our website, we may collect technical data via Google Analytics, but only after you have given cookie consent.
- Your IP address, anonymised
- Browser type and version
- Device type and operating system
- Pages visited and time spent on each page
- Referring website or search terms used to find us
- Geographic location at country or city level
2.3 Client and Prospect Data
Following a consultation, proposal, or engagement, we may also hold business contact details, communication records, and information you share about your organisation's needs.
2.4 Data We Do Not Collect
We do not knowingly collect sensitive personal data (special category data) such as health information or biometric data through our website, and we do not knowingly collect data from children under 16.
3. How We Use Your Personal Data
We only use your personal data where we have a lawful basis under UK GDPR.
| Purpose | Lawful Basis |
|---|---|
| Responding to contact form enquiries | Legitimate interests, to communicate with prospective clients who have chosen to contact us |
| Sending proposals, statements of work, and engagement communications | Contract, where processing is necessary to perform or enter into a contract with you |
| Understanding website usage and improving content | Consent, collected via the cookie consent banner before analytics cookies are set |
| Maintaining records of client engagements | Legitimate interests, to manage business relationships and comply with our obligations |
| Complying with legal or regulatory obligations | Legal obligation |
We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
4. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Contact form enquiries where no engagement follows | 12 months from submission |
| Client contact and engagement records | 6 years from the end of the engagement |
| Website analytics data | 26 months, with IP addresses anonymised |
| Email correspondence | 6 years from the last communication on a matter |
At the end of the applicable retention period, personal data is securely deleted or anonymised.
7. Your Rights
Under UK GDPR you have the following rights. To exercise any of them, contact us at [email protected]. We will respond within one calendar month.
Access
Request a copy of the personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Ask us to delete your data where it is no longer necessary.
Restriction
Ask us to pause processing your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Object
Object to processing based on legitimate interests.
Withdraw Consent
Withdraw consent at any time, including for analytics cookies.
Complain
Lodge a complaint with the ICO at ico.org.uk.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Secure HTTPS connections across our website
- Access controls limiting who within Inzen can access personal data
- Use of reputable, security-certified third-party service providers
- Regular review of our data handling practices
In the event of a data breach likely to affect your rights, we will notify you and the ICO as required by law.
9. International Data Transfers
Some service providers, including Google, may process personal data outside the UK. Where this occurs, we rely on appropriate safeguards, including UK adequacy decisions, Standard Contractual Clauses, and certification schemes such as the UK-US Data Bridge.
Contact us at [email protected] to request details of the safeguards we rely on.
10. Use of AI Tools
As an AI consulting business, Inzen uses AI-powered tools internally to support our work. We apply the following principles:
- We do not input identifiable personal data into third-party AI tools without an appropriate legal basis and, where necessary, a data processing agreement in place.
- Where AI tools are used in client engagements, this is disclosed in the relevant statement of work.
- We keep our use of AI tools under review as the regulatory landscape evolves.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the last updated date and, where appropriate, notify you by email or via a notice on our website. Continued use of our website following notification constitutes acknowledgment of the updated policy.
12. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy:
Inzen - Data Controller
Registered Address: 5 Cornfield Terrace, Eastbourne, United Kingdom, BN21 4NN
Email: [email protected]
Website: inzen.co.uk
You can also contact the Information Commissioner’s Office (ICO) at ico.org.uk or on 0303 123 1113 if you are unhappy with how we have handled your data.